Know Your Technology


Four Reasons Businesses Choose Maine Managed Services

 

So, you're a small or medium business in Maine and you're considering whether or not it makes sense to augment your IT department with a managed services provider. Whether you have a full-time IT department or not, here are four primary considerations that may lead you to a Managed Services Provider:

1. You need to control costs - With the monthly contracted fee that managed services provides, you will have a budgeted and predictable IT expense over a fixed period of time (typically one year). While this is helpful for all businesses, it is particularly helpful for those who do annual budget plans and approvals.

2. Your IT complexity is increasing more quickly than your internal staffing can keep up with. The expertise of a good managed services provider supports your internal staff by enabling them with best practices learned through the management of many networks of various sizes and designed for many industries. This allows your IT staff to draw on this expertise when needed rather than developing this expensive expertise in-house.

3. You're more dependent than ever on IT - let's face it, downtime is extremely costly and most businesses suffer when their IT issues are not resolved professionally and quickly. The beauty of a good managed services provider is that they will monitor your IT and keep it running effectively to decrease or even eliminate any downtime. In the event of a problem, it is in both their and your best interest to resolve it quickly.

4. You want IT to be an asset to the operation/mission. When IT is running smoothly and effectively, it supports all the departments within a business and frees them to move their mission forward. Managed services ultimately allows you to focus on your mission, not your technology, and provides applications that just work, not take work. This makes everyone within the organization look and work smarter.

Working with a partner to help manage key aspects of your IT operations can address budget and resource needs—and help you put more focus on core business priorities. If you are a business in Northern New England look closely at KnowManager support which provides a service desk offering, remote and on-site support, external vulnerability scanning, vendor management, and annual IT planning sessions.

For an opportunity to learn more come to Know Technology's After-hours at Spread Restaurant, or sign up for a 60 day free trial of Know Technology's network monitoring.

 

 

 

6 "Exercises" for Home Office IT Security

Home Office Safety and Security Week passed from January 8-14 with little fanfare and fewer celebrations worthy of celebrity endorsements, unlike the multitude of products supporting weight-loss resolutions.

Although home office safety and security is not as sexy as other resolutions, exercising sound practices like trimming the fat from your computer resources can keep your home office fit, too.

Like a fun and effective calisthenics exercise program, it is never too late to get started, and keeping your office safe can be just as exhilarating.  

As a recent home office computer inspection revealed 34 instances of malware in under 7 seconds, not performing these exercises can pack on the pounds that drag your system down.

Exercise 1: Bend and Reach – Bend down and reach under your desk to inspect your electrical plugs and computer cords for your computer and peripheral equipment. Ensure you are not at risk of overloading circuits or daisy-chaining extension cords that may overheat. Ensure your cords are not being pinched by furniture and that your cords are not set to where they may cause you to trip. 

Exercise 2: Jumping Jacks – Inspect your area for network cables that may be strung in a fashion that may cause you or a client to trip. If you have wiring or cabling that is dangerous, unsightly or inconvenient, consider contacting one of the professionals at Know Technology to install a secure wireless solution or add cabling or a wireless network to your office.

Exercise 3: Grip Exercise – Get a grip on the wireless network if you are using one at your home office. This is a two-count exercise:

  1.  Ensure that the factory default logins and passwords have been changed to something not easily guessable.

  2. If you are not using the wireless features of your wireless capable router, disable the wireless functionality.

Exercise 4: Surges – An exercise where less is more. Ensure you have surge suppression installed to protect your equipment. You may also consider installing an uninterruptible power supply to further protect your equipment and work from experiencing sudden power outages or brown-outs.

Exercise 5: Push-ups, sit-ups or chin-ups and other “Ups” exercises: Keeping your operating system and anti-virus packages up-to-date is critical and much easier than either of the other “ups” exercises. Performing frequent updates helps prevent malicious software from exercising known vulnerabilities.  

Exercise 6: Strengthening the Core:  Check your computer for applications that you do not use or unnecessary programs that start up automatically. These ‘extra’ applications may have vulnerabilities or take up processing cycles that unnecessarily slow your computer down or take precious memory resources. Eliminating the fat (the apps that you don’t need) from your PC can enable it to focus its energy on the applications important to you.

 

 

 

 

 

IT Risk Management Protects Against Social Engineering

Social Engineering: using a little information to pose as someone else to get more information for fraudulent financial gain... protect yourself with IT Risk Management

“Grand-mom, I am in trouble, and I need your help.” These were the first words heard by a local Camden septuagenarian resident when she picked up the phone. Convinced that this was her grandson who may be in need of assistance, she continued to talk with the fraudster as if it was her grandson. In this particular instance, the caller ultimately hung up when she expressed her actual plans to meet with him later that day – but he had her duped.

He had her duped like the other local resident who received a similar call about a grandson who needed bail money quickly to purportedly get out of jail in Canada. So, the willing grandfather sent the $7,500 by Western Union to the number the caller described. The money went to Mexico. You have guessed it, no grandson was in jail, certainly not in Canada, and he did not need to send the bail money to Mexico to get him out of jail in Canada – but he did. That man is now out $7,500. The caller played on the elderly, his emotions, and his desire to help.

This is a form of Social Engineering: using a little information to pose as someone else to get more information for fraudulent financial gain. Similar to phishing or pharming on a computer application with a fake website, phone scamming is an old trick in the book, but one we should not forget about, at our businesses or at home.

So, when my father showed up at my workplace and asked me, “Are the kids alright, is there something they need?” he got a perplexed look and together we did a quick check of the clan. “Your mother just got this call . . .” and he wondered what to do.

He was a little surprised to hear that fraudsters have the ability to target, with accuracy, their potential victims, and I was surprised at his naïveté – but that is why I decided to share this personal story. 

We talked about how people have the ability to determine the demographics (age, sex, location, and potential affluence by geography and phone numbers) just by surfing the web. Social Engineers use these pieces of information to begin making assumptive calls based upon the readily available demographics. In this case, the elderly were clearly being targeted; and they guessed right, my mother has grandchildren.

So if you receive an unexpected call requesting money to help a family member in need, know to:

  • Be aware of the scams

    • Investment scams – offers too good to be true usually are
    • Recent lottery winnings – if you did not buy a lottery ticket, you probably didn’t win
    • Requests of cash to resolve a family emergency – double check
    • Fraudsters posing as financial institutions asking you for your account information – your financial institution will never call you to ask for your information
  • Remember that people may be intentionally targeting you to ask for money over the phone

  • Don’t be overcome by emotions that may overwhelm your reason

    • “I won 5 million dollars in the Kazakhstan lottery, I just need to send $5,000 to pay the taxes. . . .!”
    • “I can get a guaranteed 30% on this investment for widgets – just send $10,000. . . “
    • “Oh no, how terrible? I can send you the money right away. . . .”
  • Get as much information from the caller as possible

    • Use caller ID to determine where the caller is calling from. Consider if it is one of your family member’s numbers.
    • If you don’t have caller ID, try dialing *69 to get the number of the caller
    • Try calling the number back to see the person’s response
  • Confirm with your relatives / loved ones that they are actually in need of assistance – or not

  • Upon identification of a fraud instance, report the occurrence to your local law enforcement

  • If you have elderly parents who may be susceptible to such a scam, please share this information with them

  • Know Technology’s Information Risk Management division is available to assist people who have experienced a crisis or to provide social engineering prevention and information security awareness education to your employees.

And to that group of kids from Hawaii who called me a few months back; no, I now admit that I am not actually the Christopher Nolan who directed the Inception movie, but since you called me after midnight, forgive me for playing along.

 

 

Ten IT Security Tips for Peace of Mind During the Holiday Season

The holiday season is the busiest time of year for consumer purchases and receiving messages from friends and family. The increase in purchases and communications can lead to an increased risk of being a victim of fraud activity. These ten simple IT Security precautions will help you say “bah-humbug” to those who are after your personal and financial information during the holiday season.

  1. When shopping online only provide your confidential information to secure sites – as identified by starting with “https” or by viewing the padlock icon in the URL.
  2. Consider using a credit card for online purchases as compared with a debit card. Credit cards typically carry limitations of liability (if noted within a reasonable period of time) compared with debit cards where inappropriate or unauthorized use may drain your personal checking account. Your credit card may also offer buyer protection for goods not delivered as compared with your debit card provider.
  3. When shopping online, use a gift card or one-time use card that is limited in its value to near or at the amount of the purchase.
  4. Be on the lookout for fake (phishing) expeditions where mock websites are pretending to be your financial institution and requesting your personal banking information.
  5. When you are using your debit or credit card at the mall or other crowded businesses, be careful of “shoulder surfers” who may be attempting to view your PIN as you type it into the reader.
  6. Maintain the anti-virus and anti-adware applications on your personal PC.
  7. Be suspicious of on screen advertisements that direct you away from the site and business that you were intending to purchase from. When in doubt, call the website contact number listed to help ensure you are doing business with a reputable company.
  8. Be wary of emails that you are not expecting – even from your friends, colleagues, and family members that contain a holiday greeting. It is common for fraudsters to use address books of email accounts to resend messages to those in the address book, and these messages typically carry malware that is intended to do harm to your computer or glean personal information.
  9. Delete “Chain” emails or greeting card emails which frequently carry malware that may place files on your computer unbeknownst to you that can damage your computer or send files or information to thieves. Do not resend chain emails - even special holiday message emails to your friends, colleagues, or family members.
  10. Do not open attachments from emails that you are not expecting – even if it says “Ho-Ho-Ho” or another holiday greeting in the subject line.

During the holiday season, share good holiday cheer with your friends, colleagues and family members; limit your sharing with the Grinches who are looking for your valuable information. It is better to give than to receive except when considering your personal and financial information.

IT Assessments – The Prescription to End Fire Drills

I am enlightened on a day to day basis when working with organizations of various types and sizes when I discover how they view technology within their organization. Either technology is the necessary evil, or technology is the enabler that drives the organization forward. While there could be many positions between these ends of the spectrum, I find that almost every employee presents their organization on one end or the other. Wherever an organization falls, the prescription is the same - an IT assessment will provide relief.

Let’s start by examining organizations in the “necessary evil camp”. Providing solutions for these organizations is incredibly difficult, particularly when you consider how simple the goal appears. Here are a few different ways these organizations might explain their needs:

  • “Keep the systems we must utilize running at the absolute minimum cost possible.”
  • “Just make it work … have I told you that your rates are too high?”
  • “Every time we have something big going on it breaks – how much is it going to cost this time?”

This environment presents a lose – lose situation. The organization, its employees, and the people trying to make IT work are never going to get ahead in this environment. Their perception of saving money is expensive in the long run. Organizations in this situation are always living a fire drill, and are seen by employees as operating a high drama, high stress place to work.

At the other end of the spectrum, you have organizations that take every opportunity to utilize technology solutions to drive their business forward. Some statements that exemplify organizations operating in an ideal technology-enabling environment are:

  • “My foreman changed the schedule for three crews in the field today from his smartphone.”
  • “Do you know we are saving 25% on our power bill following the virtualization project?”
  • “It looks like our sales people are engaging with twice as many accounts since we provided their new systems.”

These cases seem like pie in the sky situations; they describe the benefits that business owners and executives can only dream of. In various IT maturity assessments these companies would be approaching the top category, which I often refer to as nirvana. Remember that you can never actually get to nirvana.

The reality is that very few companies are really at either end of the spectrum even though their employees may think so... So where is the disconnect? Rather than think of ourselves as average, we think of our environment as being either terrible or awesome. Ironically, from a business owner/executive position, I would rather be average and think I was terrible than think I was awesome and find out I am just average.

Generally, if you think you’re awesome and find out you are just average, it is usually because something really bad just happened. For instance:

  • You back up every day but there was just a fire and there was no offsite data backup.
  • One employee knows the entire system and it is running great, but it is not documented anywhere and that employee just experienced a major health issue.
  • Your business is subject to some regulatory or compliance requirements and you learned this morning from the authorities that your organization has been compromised.

Realistically there is no way to alleviate all threats that may occur.  Every company is somewhere on the continuum between fire drill and nirvana and the best way to move forward is to regularly assess your organization’s situation. Interestingly, fire drill organizations typically never assess their IT, while many nirvana organizations may have done some sort of assessment in the past but haven’t done so with any regularity.

For all organizations I prescribe an IT assessment treatment with three components:
1. It is performed separate from the normal course of business;
2. It follows a specific assessment structure regardless of being performed by internal or external resources;
3. It is performed on a recurring basis, preferably every 12 to 18 months.

From this assessment regimen, organizations experience the following benefits:

  • A typical fire drill organization starts to spend its IT budget more wisely.
  • A nirvana organization identifies gotchas that nobody was thinking about.
  • Reliability of systems improves.
  • IT budgets become more predictable.
  • Employee satisfaction improves.

In the end it doesn’t really matter how your organization and its employees view you falling on the spectrum. Whether your organization currently sees technology as a necessary evil, is trying to use technology to enable its way to nirvana, or sits somewhere in between, a regular technology assessment is the right prescription.

Make Your IT Infrastructure as Solid as Your Home’s

How often do you think about your IT infrastructure – the foundation of your organization? Based on my day to day experience with IT departments, not enough thought, care, and consideration goes into the IT infrastructure of most organizations.

I regularly work with organizational management to help them think of their IT infrastructure as they would the infrastructure that goes into building a new home. This metaphor helps us understand many key areas that are core to building either a solid home or, in our case, a sound IT infrastructure.

1. First we look at the foundation

Do you build your house on mud or on loose rocks stacked together? No – you excavate down to bedrock and pour cement footings and walls to provide a solid base for the house. During a network assessment we often find core network equipment sitting on the floor covered with dust, servers lying on their sides under a desk (serving as a footrest) and switches propped up against a wall (held in position by one really tight network cable) or hiding behind a filing cabinet that hasn’t moved in years. The infrastructure of your network needs to have a solid foundation that starts with appropriate furniture, racks, and mounting systems. Ideally, all of your network infrastructure will be located in a designated space and mounted in a rack solution. If a rack solution is not possible, utilize some purpose-built shelving or desks for computer and network systems. As a compromise, if network infrastructure cannot be mounted to racks or furniture, utilize wall mounts to securely affix switches, etc… to the wall.

2. Next, we consider the electrical elements

Do you plug your stove, refrigerator, washer, dryer, etc… all into one outlet using power strips to provide enough outlets? Of course not – each appliance has an appropriate outlet rated for the power required with no extension cords or power strips utilized. In greater than 50% of the server rooms/closets we enter, we find overloaded electrical outlets and dead UPS units that are often connected to each other, along with cheap power strips and extension cords. Interestingly, electrical is a key area where we often find significant cost savings by properly building out electrical capacity and distribution for the equipment. Investments made in providing appropriate 15, 20 or 30 amp circuits; utilizing 208V power vs 110; and implementing proper UPS and power distribution equipment will improve the stability of your computing environment and save you both money and headaches over the long haul.

3. Following this, we must look at the “plumbing”

Do you have 1/4” pipes distributing water throughout your home with no pressure tank or suitable hot water solution? I don’t think so – having hot and cold water everywhere when you want it is a creature comfort that we all take for granted. The Ethernet cabling connecting all of your network equipment together is the plumbing of your IT organization. Nevertheless, we run across network cabling on the floor, cables stretched to their max, multiple switches daisy chained together to provide a 2nd Ethernet connection for the office down the hall on the left, and the cheapest wireless access points used to provide network access for the managers or executives that want to use their laptop or iPad wirelessly. The biggest performance impediment for any network is inferior plumbing. Many organizations start looking at servers or workstations when they are experiencing performance issues with their systems when instead they should invest in structured cabling, quality switches and access points, along with people experienced in building scalable Ethernet networks.

4. Following this, we identify labeling and documentation issues

Common across all aspects of an IT infrastructure is the need to have great documentation and labeling. When you open the breaker panel in your house, ideally you see every breaker properly labeled. If you have been in your house for a while and performed any electrical work, it is likely that when you open your breaker panel  you see some breakers clearly labeled and others with hard to read or no labels at all. This is probably similar to your IT infrastructure – some items are documented, diagrammed and labeled perfectly and other items have nothing at all. It is essential to get rigorous about demanding great documentation and labeling of every item in your IT infrastructure.

Foundations, Electrical, Plumbing and Documentation are only four of the several components to understand when building a great house or a great IT infrastructure for your organization. Other key areas for consideration include HVAC, Security, Servers and Storage. Look for future discussions about these in the coming weeks.

Benefits of IT Managed Services Outweigh Costs

For most businesses IT investments can become more of a burden than a benefit.  Return on investment can be difficult to manage, and resources (whether they are system, network, or human) can be hard to acquire and maintain.

As an alternative to staff augmentation or systems purchases, many businesses have turned to IT managed services as a viable solution for their technology needs. With the added sophistication that many managed services providers have today, there are solid quantifiable reasons to consider IT managed services for your business.

Staff augmentation has many additional costs associated including ongoing training, benefits, and attrition rates. With IT managed services these issues are all absorbed by the provider with a service level agreement (SLA) to ensure you will receive consistent support.

System upgrades, troubleshooting, support and routine maintenance can be a burden for in-house staff.  IT managed services, on the other hand, can take on these issues without interruption to other important technology projects for your business.

Service providers can provide a variety of metrics and reports to allow the business to determine the return on investment for the services.  From downtime and performance reports to forecasting for upgrades or larger networks, IT managed service providers have the ability to help a business with cost justification for virtually any IT expenditures.

Since the inception of outsourcing and managed services, the processes that are used have become highly reliable and sustainable.  An IT managed services provider can connect to your business regardless of the location or technology and provide gratifying services that keep your business running.

The numbers do not lie. In a recent study published by CompTIA regarding Trends in Managed Services, 46 percent of firms have trimmed their annual IT expenditures by 25 percent or more. This is a significant benefit that no business should ignore. The study also notes that even if a business utilizes IT managed services on just a small scale, there are distinguishable benefits.

One important key to partnering with an IT managed service provider is to find a company who will work in tandem with your business and align itself to your business needs and objectives. The agreement should include performance metrics and service level agreements that will meet the company's needs without taxing the budget to an extreme. Also, frequent status reports reflecting issues and provider performance should be reviewed with the provider. With the right partnership and frequent communication, your business can also leverage the power of IT managed services.

How Cloud Computing Sounds like Investment Banking

Like many IT professionals, I continue to hear a lot of talk about the cloud. In October I spoke at a well-attended Momentum Convention session where we discussed ways to help organizations understand cloud computing, and to consider the benefits and risks in transitioning to the cloud. It strikes me at times that the terminology we use when discussing cloud options sounds a lot like what you might hear from investment bankers.

There are two common discussions about types of cloud computing.  The first focuses on types of public cloud offerings:  Infrastructure as a Service, Platform as a Service, and Software as a Service (IaaS, PaaS and SaaS respectively).  The second discussion takes place around public cloud offerings vs. private solutions.

I am reminded of the investment banking world when I hear IT folks talking about “going public” or “we’ve decided to go private” or “we’re taking a hybrid approach with part of our organization going public as we keep the remainder private.” But, we’ll get back to Wall Street in a minute…

For now, let’s discuss public cloud offerings by answering three key questions:

  1. Are you a tech savvy organization that is simply looking for computing (processing capacity, storage capacity, and database capacity) in the cloud? If so, you are looking for an IaaS provider. These organizations provide plenty of cloud based computing power that is charged based on usage (# of processors, amount of storage utilized, etc…). You get the computing power you need and the provider takes care of building, maintaining, patching and upgrading the systems. There are a lot of IaaS providers on the market, and buyer beware: one IaaS provider is not the same as another.
  2. Is your organization developing software which requires a software development platform (.NET, Java, Drupal, Ruby on Rails) in the cloud to build your solution on? If so, you need to be talking with a PaaS provider. These organizations provide a fully maintained development platform using the same type of usage based pricing. You get the development platform you need and the provider takes care of all the details to provision and maintain both the systems and the development platform. The market for PaaS is starting to build steam. It is the smallest segment, but it’s growing fast with offerings such as Amazon and Microsoft’s Azure.
  3. Is your organization simply looking for a cloud based solution for a business need? If so, welcome to SaaS. Software as a Service is the largest cloud segment with numerous solutions available to your organization such as email, collaboration, CRM, accounting, backup, etc… Microsoft Office 365 (formerly known as BPOS), Google Apps, and SalesForce are the most well known, but the list goes on and on with local, regional, national and international players all on the field.

Now getting back to Wall Street, while we see companies of all sizes moving to the public cloud, it is clear that only some organizations are able to take their entire organization public, while others may decide that from a scale or requirements standpoint the public cloud just doesn’t work. To further complicate things, the decision to “go private” is often misunderstood within organizations. 

Let’s look more closely at this. In the overall scheme of things, very few organizations will actually deploy a private cloud. A cloud of any type requires, among other things, scalability, fault tolerance, consumption based reporting & billing and self-service. Without incorporating these components, one does not have a private cloud: instead, they simply have a highly virtualized environment. It is unclear how large a company must be to economically take advantage of a private cloud solution. It is probably somewhere in the realm of a 1500+ person organization. There are definitely cases where a smaller organization makes a deliberate decision based on criteria other than economics, (such as security or compliance) to deploy a private cloud infrastructure.

In the worlds of Wall Street and high finance it is costly and complicated to go public and relatively painless to remain private. However, for the IT director, the context of these words has an entirely opposite meaning. Going public in the cloud is a relatively easy approach when compared to the costs and technical requirements of developing a private cloud.

Big or small, think about your organization’s needs – are there public offerings that you can benefit from, or is it better for your business to stay internal, or private? For those that have large enough organizations the cost/benefit equation for a private cloud deployment makes sense. Whatever your decision, before making a move to cloud carefully evaluate your options with the same level of strategic consideration and understanding you would  give a significant financial decision.

Monitoring Virtualization – How to get the benefits from your VM work

If there are two hot topics these days, certainly they would include Managed Services and Virtualization.  

While a lot of companies (and plenty of their IT partners) are embroiled with both, I’ve noticed that there’s often less leverage and awareness between the two than there should be.  Granted, managed services is usually handled by an internal or external support group that may not have been involved in the design and implementation work done to support server and application virtualization, beyond the handoff (“here’s some new servers for you to support…”).  Likewise, a lot of the justifications for Virtualization – like lower power usage, isolating applications and creating test environments, don’t really speak to how the virtualized servers are managed after implementation. 

In fact, some recent surveys I’ve read confirm that server virtualization is growing like crazy (more than 50% of IT shops say it will be the dominant model of computing, and 73% of larger IT shops already are using the technology). The “but” in those statistics is that it’s so easy to set up a new server that proliferation of virtualized servers is putting stress on the management tasks.

Over half of the virtualized shops report that “server sprawl” is growing as a management issue, and another popular blogger, Frank Berry, reports that “Virtualization 3.0” will be all about load balancing.  And that’s where my point about the tie-in to managed services offerings comes in.

I sit in a monthly managed services meeting, reviewing monitoring reports on our client’s infrastructure.  Invariably, one of the most interesting parts of those meetings is looking at the results on the various virtual servers that we’re managing for them.  With data collected every few minutes over the course of a month, patterns quickly emerge that suggest ways to improve performance and get more work out of their existing hardware. 

A typical conversation might go: “look, that server is never going above 4 GB of memory usage, but that other one is maxing out for extended periods, and the page file usage is averaging over 30%.  Let’s move 2 GB of memory (virtually) from the first one over and see if we can get the numbers back in line…”.  Making the switch during a maintenance window is easy, and of course, the monitoring tools can immediately show the difference.

But, what tools work best?  How often should monitoring data be reviewed?  Why can’t you just make those judgments by looking at CPU utilization in Task Manager?  What kind of skills does it take to manage Virtual environments vs. the skills to set up Virtualization in the first place?  Can management for virtual servers be outsourced easily, and what should you look for to make sure you’re getting the right kind of help?

All those are great questions, and we’ll use this set of postings to continue the conversation.  In the meantime, I’d love to hear your own stories about how you tackle the on-going management of virtual servers, the tools you use, and what’s worked and what’s not.  After all, we’re spending the money to get the benefits, so it makes sense to look at every opportunity Virtualization gives us.

Next post: The best tools for monitoring

Why Cloud Computing Risk Assessment Sets Up a Successful "Marriage"

Cloud computing is not all that new; people have been using technology services and resources outside of their organization for a couple of decades now – now it is just branded under a new name. Whether it is old or new, there are considerations that any organization, business, or agency should weigh when thinking about storing their information at another facility or depending on an application where connectivity to the Internet is assumed to be always present.

Businesses, agencies, and organizations have moved many of their legacy internal resources to the Cloud to take advantage of the economy of scale, application expertise, and the ability to access the information from any Internet capable device; and these, among other benefits, are great advantages that Cloud Computing can bring to an enterprise – however, is your organization ready for it? What should you consider?

In your threat and vulnerability assessment, consider the new risks that are posed and the ways in which you can mitigate some of that risk. As stated by NIST, “it is critical to recognize that security is cross-cutting that spans across all layers of the reference model, ranges from physical security to application security, and in general shares the responsibility between the cloud provider and the consumer.” It is the responsibility of the consumer to ensure the same standards of security that would be in place with a local application are in place with a cloud based application. It is incumbent upon the consumer to ensure those controls exist.

Five things to consider:

  1. This is a marriage doomed for failure. When this marriage ends – who owns the data? How do I get it back? What happens if the business fails? How am I going to get my information back? This marriage, or agreement with the Cloud provider will end at some point. Only consider moving into this agreement as a marriage that is doomed for failure from the start. Once this is ingrained in your mind, ensure the contract language is written to protect the assets and information that you care about the most – especially after the marriage is over.

  2. Where is my data? Do I know where my information really is? Is there a restriction of where I can house the data? Can my information cross international boundaries without penalties of fines or other legal ramifications?

  3. Who has access to my information? Will other people be reading my information? Am I placing my information into someone’s system that adequately denies others from seeing my data? Believe it or not, there are application providers who may allow you to see others’ information (I won’t mention the provider in mind – but this is a real example) and you better bet they are able to see yours, too. Are you OK with that? If not, look somewhere else or ensure that provider secures your information – and test it.

  4. How can I access my information? What happens if there is a denial-of-service attack on that provider that prohibits me from connecting to that service or the Internet? Are there adequate provisions in my contract where I receive credit or payment for loss of service?

  5. If this is a SaaS arrangement, who will control the maintenance cycle? If there is a feature that I need for my organization, is there a mechanism that will reasonably assure that I will have access to that feature or feature’s development within the desired timeframe of my business model? If there is maintenance to be done (and there should be), when will that maintenance occur – to better fit my schedule or theirs?

Cloud computing is here to stay – either by its current brand or another down the road. With the further development of consumer driven applications and consumer experiences that demand access to robust applications, economies of scale computing will be required for the long term. There are many business reasons to adopt cloud computing into the organization. Ensure you conduct a thorough threat and vulnerability analysis before marrying your technology partner. Love can cause people to do strange things, and some applications can truly look very hot at the start; so don’t get burned. Make sure to use reason and objectivity when selecting the best partner – and secure a great contractual prenuptial agreement.

 

 
